高可用
目录高可用
一般是指2台机器启动着完全相同的业务系统,当有一台机器down机了,另外一台服务器就能快速的接管,对于访问的用户是无感知的。
高可用软件
·keepalived
·heartbeat
·RoseHA
keepalived协议
VRRP :虚拟路由冗余协议
VRRP就出现了,我们的VRRP其实是通过软件或者硬件的形式在Master和Backup外面增加一个虚拟的MAC地址(VMAC)与虚拟IP地址(VIP),那么在这种情况下,PC请求VIP的时候,无论是Master处理还是Backup处理,PC仅会在ARP缓存表中记录VMAC与VIP的信息。
keepalived概念
优先级
如何确定谁是主节点谁是备节点
抢占式、非抢占式
如果Master故障,Backup自动接管,那么Master回复后会夺权吗
脑裂
如果两台服务器都认为自己是Master会出现什么问题
部署keepalived高可用软件
keepalived工作原理
1.哪些机器需要做高可用,就要在哪些机器上安装keepalived
2.keepalived的主节点会心跳检测(想要证明应用或者主机是否存活)
3.如果心跳检测失败,就杀掉自己(keepalived)
4.VIP到备节点上
环境准备
| 主机 | 角色 | 外网IP | 内网IP | 安装软件 |
|---|---|---|---|---|
| lb01 | 主节点(master) | 10.0.0.5 | 172.16.1.5 | nginx、keepalived |
| lb02 | 备节点(backup) | 10.0.0.6 | 172.16.1.6 | nginx、keepalived |
| VIP | 虚拟IP | 10.0.0.3 |
安装Keepalived
# 1.安装keepalived
[root@lb01 ~]# yum install -y keepalived
[root@lb02 ~]# yum install -y keepalived
# 2.修改主节点配置文件
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_instance VI_1 {
state MASTER #标识角色状态
interface eth0 #网卡绑定接口
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
# 3.修改备节点配置文件
[root@lb02 conf.d]# cat /etc/keepalived/keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
# 4.启动主节点和备节点服务
[root@lb01 ~]# systemctl start keepalived
[root@lb02 ~]# systemctl start keepalived
# 5.加入开机自启
[root@lb01 ~]# systemctl enable keepalived
[root@lb02 ~]# systemctl enable keepalived
# 6.查看VIP
[root@lb01 ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group
default qlen 1000
link/ether 00:0c:29:17:c4:b7 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.5/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.0.0.3/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe17:c4b7/64 scope link
valid_lft forever preferred_lft forever
# 7.检测IP是否可以漂移
[root@lb01 ~]# systemctl stop keepalieved
主节点和备节点的配置文件区别
| Keepalived配置区别 | Master节点配置 | Backup节点配置 |
|---|---|---|
| route_id(唯一标识) | router_id lb01 | router_id lb02 |
| state(角色状态) | state MASTER | state BACKUP |
| priority(竞选优先级) | priority 150 | priority 100 |
非抢占式配置
[root@lb01 conf.d]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface eth0
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb02 conf.d]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
keepalived结合nginx实现负载均衡的高可用
## 1.编写监听nginx的脚本
[root@lb01 ~]# vim /root/check_nginx.sh
#!/bin/sh
nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#1.判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginx_count -eq 0 ];then
#systemctl start nginx
#sleep 3
#2.等待3秒后再次获取一次Nginx状态
#nginx_count=$(ps -ef|grep [n]ginx|wc -l)
#3.再次进行判断, 如Nginx还不存活则停止Keepalived,让地址进行漂移,并退出脚本
#if [ $nginx_count -eq 0 ];then
systemctl stop keepalived
#fi
fi
## 2.修改主节点的配置文件
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
## 注意:执行的脚本名字,最好不要带进程名
vrrp_script check_web {
script "/root/check.sh" # 脚本路径
interval 5 # 检测时间(每5秒执行一次检测脚本)
}
vrrp_instance VI_1 {
state MASTER #标识角色状态
interface eth0 #网卡绑定接口
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
track_script {
check_web
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
## 3.重启keepalived
[root@lb01 ~]# systemctl restart keepalived
## 4.给脚本执行权限
[root@lb01 ~]# chmod +x /root/check.sh
脑裂故障
脑裂
由于某些原因,导致两台keepalived高可用服务器在指定时间内,无法检测到对方的心跳,个字去的资源及服务的所有权,而此时的两台高可用服务器又都还活着。
原因
1、服务器网线松动等网络故障
2、服务器硬件故障发生损坏现象而崩溃
3、主备都开启firewalld防火墙